Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Avast found a rootkit

Started by liz1176 , Aug 02 2009 12:58 PM

  • Please log in to reply

#1
liz1176
Posted 02 August 2009 - 12:58 PM

liz1176

    New Member

  • Member
  • Pip
  • 1 posts
My laptop is running super slow. Malwarebytes scan showed no malware. Can someone just look and see if there is another problem. I really appreciate it.

Edited to add: I've also started to have some hardware issues, such as, my power button isn't working (I have to unplug and replug in my laptop to turn it on) and the fan is making a funny noise. I don't know if its related but I thought it was worth mentioning.

Below is a hijackthis log, root repeal log, and OTL logs.









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:30 PM, on 8/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\wltrysvc.exe
E:\WINDOWS\System32\bcmwltry.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\WLTRAY.exe
E:\WINDOWS\system32\khooker.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Motorola Wireless Manager UI] E:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] E:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - E:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/...rs.1.0.0.39.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaon...ns/IDMFlash.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/...h2.1.0.0.68.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1180713511901
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1180714949609
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn...gr.cab31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/...he.cab75406.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/...vl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/...tg.1.0.0.37.cab
O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn...6/heartbeat.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/...ersion=1,0,0,10
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace...ronGameHost.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - E:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8081 bytes



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/02 12:29
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: E:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEB2F5000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: E:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xED07D000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: E:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB69DA000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "E:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xeb3156b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "E:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xeb315574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "E:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xeb315a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "E:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xeb31514c

#: 119 Function Name: NtOpenKey
Status: Hooked by "E:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xeb31564e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "E:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xeb31508c

#: 128 Function Name: NtOpenThread
Status: Hooked by "E:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xeb3150f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "E:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xeb31576e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "E:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xeb31572e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "E:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xeb3158ae

==EOF==



OTL logfile created on: 8/2/2009 12:33:39 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = E:\Documents and Settings\Liz Dennington\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 220.09 Mb Available Physical Memory | 49.18% Memory free
1.03 Gb Paging File | 0.77 Gb Available in Paging File | 74.90% Paging File free
Paging file location(s): E:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 18.63 Gb Total Space | 14.05 Gb Free Space | 75.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 37.25 Gb Total Space | 25.16 Gb Free Space | 67.55% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIZ
Current User Name: Liz Dennington
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2005/02/18 00:51:22 | 00,065,536 | ---- | M] () -- E:\WINDOWS\System32\wltrysvc.exe
PRC - [2005/04/25 14:39:32 | 00,848,011 | ---- | M] (Motorola Inc.) -- E:\WINDOWS\System32\bcmwltry.exe
PRC - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Explorer.EXE
PRC - [2005/05/19 19:50:58 | 00,667,788 | ---- | M] (Motorola Inc.) -- E:\WINDOWS\System32\WLTRAY.exe
PRC - [2002/09/24 01:50:48 | 00,290,816 | ---- | M] (Silicon Integrated Systems Corporation) -- E:\WINDOWS\System32\khooker.exe
PRC - [2009/02/05 15:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/05/12 00:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/03/27 15:22:56 | 00,103,928 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2005/11/28 12:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- E:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/08/09 01:27:52 | 00,073,728 | ---- | M] (HP) -- E:\WINDOWS\System32\HPZipm12.exe
PRC - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/02 12:31:42 | 00,514,048 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Liz Dennington\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- E:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2005/11/28 12:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- E:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/04/13 18:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/08/09 01:27:52 | 00,073,728 | ---- | M] (HP) -- E:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - File not found -- -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2005/02/18 00:51:22 | 00,065,536 | ---- | M] () -- E:\WINDOWS\System32\wltrysvc.exe -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...x?s=DEF&v=4&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.tsoxprid: "ZKfox002RVUS"
FF - prefs.js..browser.search.param.tsoxtbid: "B193BC60-8F89-4862-B6EA-59204C10B62A-TS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: E:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/20 15:00:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2009/07/29 21:12:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2009/07/29 21:12:05 | 00,000,000 | ---D | M]

[2008/12/24 09:42:41 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\mozilla\Extensions
[2008/12/24 09:42:41 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/02 11:53:51 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\mozilla\Firefox\Profiles\4xb51h6x.default\extensions
[2009/01/11 10:14:02 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\mozilla\Firefox\Profiles\4xb51h6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/01/21 18:10:19 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\mozilla\Firefox\Profiles\4xb51h6x.default\extensions\[email protected]
[2009/08/02 11:53:51 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions
[2009/07/29 21:12:05 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/20 15:02:07 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/05/21 19:27:50 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/18 13:36:25 | 00,000,000 | ---D | M] -- E:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/29 21:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/29 21:11:21 | 00,134,648 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/29 21:11:42 | 00,065,528 | ---- | M] (mozilla.org) -- E:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/29 21:11:49 | 00,001,394 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/29 21:11:49 | 00,002,193 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/29 21:11:49 | 00,001,534 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/29 21:11:49 | 00,002,343 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/13 08:51:34 | 00,003,700 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/03/13 08:51:34 | 00,001,963 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\fast.xml
[2009/07/29 21:11:49 | 00,001,706 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/29 21:11:49 | 00,001,178 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/29 21:11:49 | 00,000,792 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - E:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast!] E:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Motorola Wireless Manager UI] E:\WINDOWS\System32\WLTRAY.exe (Motorola Inc.)
O4 - HKLM..\Run: [SiS KHooker] E:\WINDOWS\System32\khooker.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [msnmsgr] E:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - E:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O12 - Plugin for: .spop - E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} http://zone.msn.com/...rs.1.0.0.39.cab (CPlayFirstPiratePoppersControl Object)
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} http://m1.cdn.gaiaon...ns/IDMFlash.cab (AXIDMDCP Class)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://zone.msn.com/...h2.1.0.0.68.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1180713511901 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1180714949609 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn...gr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab75406.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://zone.msn.com/...tg.1.0.0.37.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} http://cdn2.zone.msn...6/heartbeat.cab (Bridge Installer)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/...ersion=1,0,0,10 (AstoundLauncher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/.../default/ct.cab (TikGames Online Control)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/...WebLauncher.cab (SCEWebLauncherCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.56.133.69 67.217.18.29
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - E:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\Explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/26 20:09:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - E:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - E:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - E:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[5 E:\WINDOWS\*.tmp files]
[2009/08/02 12:31:40 | 00,514,048 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Liz Dennington\Desktop\OTL.exe
[2009/08/02 12:25:24 | 00,462,996 | ---- | C] () -- E:\Documents and Settings\Liz Dennington\Desktop\RootRepeal.zip
[2009/08/02 12:23:46 | 00,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2009/08/02 12:22:54 | 00,000,611 | ---- | C] () -- E:\Documents and Settings\Liz Dennington\Desktop\NTREGOPT.lnk
[2009/08/02 12:22:54 | 00,000,592 | ---- | C] () -- E:\Documents and Settings\Liz Dennington\Desktop\ERUNT.lnk
[2009/08/02 12:22:52 | 00,000,000 | ---D | C] -- E:\Program Files\ERUNT
[2009/08/02 12:21:35 | 00,791,393 | ---- | C] (Lars Hederer ) -- E:\Documents and Settings\Liz Dennington\Desktop\erunt_setup.exe
[2009/08/02 11:51:30 | 00,000,696 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/02 11:51:22 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/02 11:51:16 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 11:51:13 | 00,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2009/08/02 11:49:17 | 03,775,176 | ---- | C] (Malwarebytes Corporation ) -- E:\Documents and Settings\Liz Dennington\Desktop\mbam-setup.exe
[2009/07/30 11:06:28 | 00,000,000 | ---- | C] () -- E:\WINDOWS\khooker.INI

========== Files - Modified Within 14 Days ==========

[1 E:\WINDOWS\System32\*.tmp files]
[5 E:\WINDOWS\*.tmp files]
[2009/08/02 12:35:00 | 00,000,440 | -H-- | M] () -- E:\WINDOWS\tasks\User_Feed_Synchronization-{98DF4084-C755-4783-813B-51E442AAA7FD}.job
[2009/08/02 12:31:42 | 00,514,048 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Liz Dennington\Desktop\OTL.exe
[2009/08/02 12:25:26 | 00,462,996 | ---- | M] () -- E:\Documents and Settings\Liz Dennington\Desktop\RootRepeal.zip
[2009/08/02 12:22:54 | 00,000,611 | ---- | M] () -- E:\Documents and Settings\Liz Dennington\Desktop\NTREGOPT.lnk
[2009/08/02 12:22:54 | 00,000,592 | ---- | M] () -- E:\Documents and Settings\Liz Dennington\Desktop\ERUNT.lnk
[2009/08/02 12:21:38 | 00,791,393 | ---- | M] (Lars Hederer ) -- E:\Documents and Settings\Liz Dennington\Desktop\erunt_setup.exe
[2009/08/02 11:51:30 | 00,000,696 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/02 11:49:36 | 03,775,176 | ---- | M] (Malwarebytes Corporation ) -- E:\Documents and Settings\Liz Dennington\Desktop\mbam-setup.exe
[2009/08/02 11:41:02 | 00,000,684 | ---- | M] () -- E:\WINDOWS\win.ini
[2009/08/02 11:39:01 | 00,013,060 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2009/08/02 11:36:41 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2009/08/02 11:36:15 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2009/07/30 18:21:35 | 03,231,756 | -H-- | M] () -- E:\Documents and Settings\Liz Dennington\Local Settings\Application Data\IconCache.db
[2009/07/30 11:06:28 | 00,000,000 | ---- | M] () -- E:\WINDOWS\khooker.INI
[2009/07/25 18:03:57 | 00,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK

========== LOP Check ==========

[2009/07/30 18:20:38 | 00,000,000 | RH-D | M] -- E:\Documents and Settings\All Users\Application Data
[2007/08/13 19:41:26 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/08/28 11:33:57 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/06/17 12:39:16 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PopCap
[2009/05/21 16:52:51 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Roxio
[2008/01/06 13:12:35 | 00,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Trymedia
[2009/05/21 19:07:59 | 00,000,000 | -H-D | M] -- E:\Documents and Settings\Liz Dennington\Application Data
[2009/02/16 09:46:34 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\FrostWire
[2008/12/11 19:41:13 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\ICAClient
[2009/02/17 19:27:22 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\Image Zone Express
[2007/06/01 09:22:47 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\InterTrust
[2007/06/17 13:39:07 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\InterVideo
[2008/12/18 08:54:59 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\LimeWire
[2009/02/17 16:28:13 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\Move Networks
[2008/06/24 12:05:56 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\PlayFirst
[2009/02/06 22:38:01 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\Research In Motion
[2009/02/06 22:39:41 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\Roxio
[2008/05/31 20:08:10 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\SecondLife
[2009/01/02 02:57:39 | 00,000,000 | ---D | M] -- E:\Documents and Settings\Liz Dennington\Application Data\U3
[2001/08/18 08:00:00 | 00,000,065 | RH-- | M] () -- E:\WINDOWS\Tasks\desktop.ini
[2009/08/02 11:36:41 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\Tasks\SA.DAT
[2009/08/02 12:35:00 | 00,000,440 | -H-- | M] () -- E:\WINDOWS\Tasks\User_Feed_Synchronization-{98DF4084-C755-4783-813B-51E442AAA7FD}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\Wireless Network Settings.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\The_Cherry_Tree_by_Gwarf.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\The Surprise.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\start up cost proposal.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\Resume Cover letter.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\network settings.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\LizResume010109.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\Junk in the Trunk consignment agreement.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\JITT Flyer 1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\HR_Policy_Manual04_-_RR130_Big.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\gaia screenshots.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\Gaia inventory.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\Elizabeth Dennington Resume.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\Dee's MTG list.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\Creamed New Potatoes.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\birthcertorder.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> E:\Documents and Settings\Liz Dennington\My Documents\add code for myspace.doc:Roxio EMC Stream
< End of report >





OTL Extras logfile created on: 8/2/2009 12:33:39 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = E:\Documents and Settings\Liz Dennington\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 220.09 Mb Available Physical Memory | 49.18% Memory free
1.03 Gb Paging File | 0.77 Gb Available in Paging File | 74.90% Paging File free
Paging file location(s): E:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 18.63 Gb Total Space | 14.05 Gb Free Space | 75.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 37.25 Gb Total Space | 25.16 Gb Free Space | 67.55% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIZ
Current User Name: Liz Dennington
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- C:\WINDOWS\system32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- E:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Program Files\MSN Messenger\msnmsgr.exe" = E:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"E:\Program Files\MSN Messenger\livecall.exe" = E:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"E:\Program Files\Yahoo!\Messenger\YServer.exe" = E:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Documents and Settings\Liz Dennington\Application Data\U3\000016178172C6B0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = E:\Documents and Settings\Liz Dennington\Application Data\U3\000016178172C6B0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype -- File not found
"E:\Program Files\Messenger\msmsgs.exe" = E:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"E:\Program Files\Bonjour\mDNSResponder.exe" = E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"E:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = E:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"E:\Program Files\MySpace\IM\MySpaceIM.exe" = E:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger -- File not found
"E:\Program Files\MSN Messenger\msnmsgr.exe" = E:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"E:\Program Files\MSN Messenger\livecall.exe" = E:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"E:\Program Files\FrostWire\FrostWire.exe" = E:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = E:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"E:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = E:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"E:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = E:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"E:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = E:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"E:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = E:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = E:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"E:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = E:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"E:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = E:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"E:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = E:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"E:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = E:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"E:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = E:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 14
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{C98F2FE6-5AF5-11D6-8209-00D0B701C7B5}" = Terayon DOCSIS Modem
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast!" = avast! Antivirus
"ERUNT_is1" = ERUNT 1.1j
"FrostWire" = FrostWire 4.17.2
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Motorola Wireless Network Adapter" = Motorola Wireless Network Adapter
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SiS M650" = SiS M650
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"Poingo Content Manager" = Poingo Content Manager

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 1/19/2009 11:06:32 AM | Computer Name = LIZ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\Program Files\Microsoft Office\Office10\outllib.dll failed, 0000A413.

Error - 1/19/2009 11:49:31 AM | Computer Name = LIZ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\Program Files\Java\jre6\bin\client\jvm.dll failed, 0000A413.

Error - 1/30/2009 1:47:51 PM | Computer Name = LIZ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://thumbs.redtub...0017264_005.jpg failed, 0000A413.


Error - 1/30/2009 5:02:29 PM | Computer Name = LIZ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\Program Files\Java\jre6\bin\client\jvm.dll failed, 0000A413.

Error - 5/10/2009 9:03:20 AM | Computer Name = LIZ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\PROGRAM FILES\MOZILLA FIREFOX\XUL.DLL failed, 0000A413.

Error - 5/10/2009 9:03:22 AM | Computer Name = LIZ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\PROGRAM FILES\MOZILLA FIREFOX\JS3250.DLL failed, 0000A413.

Error - 5/10/2009 9:03:23 AM | Computer Name = LIZ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\WINDOWS\SYSTEM32\DNSAPI.DLL failed, 0000A413.

Error - 5/10/2009 2:25:27 PM | Computer Name = LIZ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.0.2600.5581_X-WW_DFBC4FC4\GDIPLUS.DLL
failed, 0000A413.

Error - 5/10/2009 2:25:28 PM | Computer Name = LIZ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\PROGRAM FILES\INTERNET EXPLORER\IEPROXY.DLL failed, 0000A413.

Error - 5/10/2009 2:25:41 PM | Computer Name = LIZ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\Program Files\Microsoft Office\Office10\outllib.dll failed, 0000A413.

[ Application Events ]
Error - 5/24/2009 8:43:54 PM | Computer Name = LIZ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module mshtml.dll, version 7.0.6000.16825, fault address 0x00139204.

Error - 5/24/2009 8:47:04 PM | Computer Name = LIZ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module mshtml.dll, version 7.0.6000.16825, fault address 0x00139204.

Error - 6/21/2009 9:38:21 PM | Computer Name = LIZ | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting
module mshtml.dll, version 7.0.6000.16850, fault address 0x0003c4f1.

Error - 6/23/2009 3:53:50 PM | Computer Name = LIZ | Source = ESENT | ID = 489
Description = wuauclt (1916) An attempt to open the file "E:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/23/2009 3:53:50 PM | Computer Name = LIZ | Source = ESENT | ID = 455
Description = wuaueng.dll (1916) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile E:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 6/23/2009 3:54:00 PM | Computer Name = LIZ | Source = ESENT | ID = 489
Description = wuauclt (1916) An attempt to open the file "E:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/23/2009 3:54:00 PM | Computer Name = LIZ | Source = ESENT | ID = 455
Description = wuaueng.dll (1916) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile E:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 6/26/2009 10:50:16 AM | Computer Name = LIZ | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3439, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2009 10:50:49 AM | Computer Name = LIZ | Source = Application Hang | ID = 1001
Description = Fault bucket 1304656578.

Error - 7/27/2009 3:15:18 PM | Computer Name = LIZ | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3439, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/25/2009 3:34:32 PM | Computer Name = LIZ | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.102 on
the Network Card with network address 000802D36586.

Error - 7/25/2009 3:35:37 PM | Computer Name = LIZ | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 7/26/2009 11:04:23 AM | Computer Name = LIZ | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 7/28/2009 11:56:59 PM | Computer Name = LIZ | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 7/29/2009 12:41:49 PM | Computer Name = LIZ | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 7/29/2009 8:09:40 PM | Computer Name = LIZ | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.

Error - 7/30/2009 12:50:09 PM | Computer Name = LIZ | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 7/30/2009 1:09:09 PM | Computer Name = LIZ | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Visual C++ 2005 Service Pack
1 Redistributable Package (KB973923).

Error - 7/30/2009 3:51:32 PM | Computer Name = LIZ | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 8/2/2009 1:38:20 PM | Computer Name = LIZ | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.


< End of report >

Edited by liz1176, 02 August 2009 - 01:18 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP